UnsecuredServiceEntry: called from an unsecured environment via the "unsecuredServiceEntry" invoked in the LoginDisplay class. This allows a pass-through of an unsecured conversation to the user custom code.
User Authentication Methods
public void ucUnsecuredServiceEntry(
HttpServletRequest request, // the servlet request
HttpServletResponse response, // the servlet response
Connection dbconn, // the database connection
SesameSession session) // current session
throws Exception
You must be very careful not to do anything that would violate security concerns in this method, because there is no prior check for passwords, or the User ID, or for session cookies. This is currently used for an anchor call (action = unsecuredServiceEntry, option = LoginDisplay) in a form for modifying the user's password, which may be expired.
public void ucUnsecuredServiceEntry(
HttpServletRequest request, // the servlet request
HttpServletResponse response, // the servlet response
Connection dbconn, // the database connection
SesameSession session) // current session
throws Exception {
String stateVar = "doDisplay";
if (request.getParameter("stateVar") instanceof String) {
stateVar = (String) request.getParameter("stateVar");
}
if (stateVar != null && "doEdit".equals(stateVar)) RequestPasswordDisplay.doEdit(
request, response, dbconn, session);
else RequestPasswordDisplay.doDisplay(
request, response, dbconn, session);
}